<?php
ob_start('ob_gzhandler');
session_start();

$username="dragonballpalace2";
$password="";
$database="dragonballpalace2_nl_db";

if($_SESSION['logged']!="TRUE") {
include('protect.inc.php');
}
$uname = $_SESSION['uname'];
$alevel = $_SESSION['alevel'];
if(stristr($_SERVER["HTTP_ACCEPT"],"application/xhtml+xml"))
{
header("Content-type:application/xhtml+xml;charset=utf-8");
}
else
{
header("Content-type:text/html;charset=utf-8");
}
header("Vary: Accept");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl">
<head>
<title>CrewCP g0tm@il.? v0.0.8.2</title>
<link rel="stylesheet" href="../CSS/crew.css" type="text/css"/>
</head>
<body>
<?php
if(!isset($_SESSION['logged'])){
echo "<div class=\"login\">\n";
echo "<strong>Key file recognized! <br /><br />\n";
echo "Please login $alevel, $uname!!!</strong>\n";
echo "<br /> <br /><br />\n";
echo "<form name=\"crewlogin\" action=\"clogin.php\" method=\"post\">\n";
echo "<fieldset>\n";
echo "<label for=\"uname\">Username: </label>\n";
echo "<input type=\"text\" name=\"uname\" id=\"uname\" /><br />\n";
echo "<label for=\"passwd\">Password:</label>\n";
echo "<input type=\"password\" name=\"passwd\" id=\"passwd\" />\n";
echo "</fieldset>\n";
echo "<br /><br />\n";
echo "<fieldset>\n";
echo "<img src=\"./sverify.php\" alt=\"Security verification code!\" />\n";
echo "<br />\n";
echo "<label for=\"sveri\">Enter security code:</label>\n";
echo "<input type=\"text\" name=\"sveri\" id=\"sveri\" />\n";
echo "</fieldset>\n";
echo "<input type=\"submit\" value=\"Login\" />\n";
echo "</form>\n";
echo "</div>\n";
echo "</body>\n";
echo "</html>\n";
exit();
}
else
{
echo "<strong>LOGGED IN! All security measures deactivated for this session!!!!!</strong>\n"; //Temporary solution!
}

if(!isset($_GET['p'])){
echo "<br /><br /><br />\n";
echo "<form action=\"crew.php\" method=\"get\"><input type=\"hidden\" name=\"p\" value=\"add\" /><input type=\"submit\" value=\"Add article\" /></form>\n";
echo "<form action=\"crew.php\" method=\"get\"><input type=\"hidden\" name=\"p\" value=\"sec\" /><input type=\"submit\" value=\"Security\" /></form>\n";
echo "<form action=\"crew.php\" method=\"get\"><input type=\"hidden\" name=\"p\" value=\"distr\" /><input type=\"submit\" value=\"Distribution management\" /></form>\n";
echo "<b>User data: $alevel, $uname</b>\n";
echo "</body>\n";
echo "</html>\n";
exit();
}

if($_GET['p']=="add"){
echo "<br /><br /><br /><form action=\"submit.php\" method=\"post\">\n";
echo "<label for=\"title\">Title:</label><input type=\"text\" name=\"title\" size=\"100\"/><br /><br />\n";
echo "<label for=\"cat\">Category:</label><input type=\"text\" name=\"cat\" size=\"100\" /><br /><br /><br />\n";
echo "<textarea name=\"mstory\" rows=\"20\" cols=\"70\">Input your story! For the moment input VALIDATED XHTML only!!!!</textarea><br /><br /><br />\n";
echo "<textarea name=\"extstory\" rows=\"30\" cols=\"70\">Input extended story here. The story that will appear when you press the more button.</textarea><br /><br />\n";
echo "<input type=\"submit\" value=\"Validate and transmit!\" />\n";
echo "</form>\n";
}

if($_GET['p']=="sec"){
echo "<br /><br /><br /><form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"lock\" /><input type=\"submit\" value=\"Lock public access\" /></form><br /><br />\n";
echo "<form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"ban\" /><input type=\"text\" name=\"buser\" /><input type=\"submit\" value=\"Ban user\" /></form><br /><br />\n";
echo "<form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"banip\" /><input type=\"text\" name=\"bip\" /><input type=\"submit\" value=\"Ban IP-adress\" /></form>\n";

if($_SESSION['alevel']=="administrator"){
echo "<br /><br /><form action=\"crew.php\" method=\"get\"><input type=\"hidden\" name=\"p\" value=\"addspec\" /><input type=\"submit\" value=\"Manage special users\" /></form><br /><br />\n";
echo "<form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"exclcrew\" /><input type=\"submit\" value=\"Exclude all non-admin\'s\" /></form>\n";
}
}
if($_GET['p']=="distr"){
echo "<br /><br /><br /><form action=\"send.php\" method=\"get\"><input type=\"hidden\" name=\"auth\" value=\"$uname\" /><input type=\"submit\" value=\"Give send authorisation\" /></form>\n";
if($_SESSION['alevel']=="administrator"){
echo "<br /><br /><form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"bypasssend\" /><input type=\"submit\" value=\"Level A bypass!\" /></form>\n";
}
if($_SESSION['alevel']=="crew"){
echo "<br /><br /><form action=\"submit.php\" method=\"get\"><input type=\"hidden\" name=\"act\" value=\"bypasssend\" /><textarea rows=\"70\" columns=\"50\" name=\"reason\" value=\"Input an EXTENDED reason for your action! False reasons will be PUNISHED!\" /><br /><input type=\"submit\" value=\"Level C bypass!\" /></form>\n";
}
}
echo "<b>User data: $alevel, $uname</b>\n";
echo "</body>\n";
echo "</html>\n";

?>
